20:00:06 #startmeeting Infrastructure (2012-03-29) 20:00:06 #meetingname infrastructure 20:00:06 #topic Robot Roll Call 20:00:06 #chair smooge skvidal Codeblock ricky nirik abadger1999 lmacken dgilmore mdomsch 20:00:06 Meeting started Thu Mar 29 20:00:06 2012 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:00:06 Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:00:06 The meeting name has been set to 'infrastructure' 20:00:06 Current chairs: Codeblock abadger1999 dgilmore lmacken mdomsch nirik ricky skvidal smooge 20:00:09 here 20:00:16 * wolfkit is here 20:00:17 * skvidal is here 20:00:18 who all is around for a infra meeting? fun and exciting! :) 20:00:46 * kwame here 20:01:02 * mdomsch_ 20:01:07 * adrianhannah is here 20:01:23 is here 20:02:12 ok, lets dive on in... 20:02:23 #topic New folks introductions and Apprentice tasks. 20:02:23 If any new folks want to give a quick one line bio or any apprentices 20:02:23 would like to ask general questions, they can do so now. Anyone? 20:02:33 hey yall 20:02:54 morning dgilmore 20:03:13 * nirik will wait a few on this then move on... 20:03:34 * abadger1999 here 20:03:34 * pingou here 20:03:54 #topic two factor auth status 20:04:05 anything new to report here? wolfkit ? skvidal ? 20:04:09 yes 20:04:17 bressers has passed me a sheaf of patches 20:04:22 fixing a number of things in pam_url 20:04:24 awesome. 20:04:36 skvidal: great, is there a place I can get these patches too? 20:04:37 I'm going to roll those in and let mr wolfkit take a look and mricon@kernel.org 20:04:42 wolfkit: there will be shortly :) 20:04:47 cool :) 20:04:55 also I spoke with mricon today about the totp.cgi 20:05:07 he has some folks testing it out and pam_url out in "production" 20:05:15 so not _Really_ production but in real life 20:05:21 nice. 20:05:24 and there are some issues - but perhaps solveable ones 20:05:37 I think we're moving in on a solution 20:05:43 ok. If it would help we could setup a test instance somewhere too... 20:05:49 I think it will 20:05:58 but I am glad to have responses back from bressers 20:06:13 b/c it feels like we're doing the right "due diligence" on something so security sensitive as this 20:06:21 kwim? 20:06:29 yes. We don't want to deploy something that messy/insecure for sure. 20:06:45 I have a test setup on my local system 20:06:50 that is just a couple of vm's 20:06:59 I may see about doing the same on a junk box 20:07:06 sounds good. 20:07:10 also 20:07:18 #info narrowing in on deployable solution. 20:07:19 icon has made the totp.cgi so it takes an optional pin 20:07:26 so instead of just being the otp 20:07:31 it can be pin + otp 20:07:49 good. 20:07:57 so a couple of things 20:08:03 if we want to make 2fa for the world 20:08:10 then, obviously, we're going to need to tie this into fas 20:08:25 but as a deployable/functional prototype for sysadmin-* or whatnot 20:08:34 I think we can probably get a way without the fas integration 20:08:47 and I'm sure it won't break abadger1999's heart to not have to deal with a fas rfe :) 20:08:52 yep. Just a lookup of pin and secret... 20:08:55 20:08:56 until we know it's what we want 20:09:06 does anyone object to that? 20:09:21 I think thats fine for a first cut... 20:09:40 if it all runs nicely and we are ready to expand, then we can look at how best to add to fas. 20:09:42 yeah, no reason to bother integrating into FAS until it's ready for 'primetime' :) 20:10:04 nod 20:10:08 for fas 20:10:15 it should be relatively straightforward 20:10:21 except we'd be storing actual seeds _somewhere_ 20:10:25 which is the sensitive part 20:10:28 #info will not integrate with fas for first cut, but after proof of concept is working. 20:10:41 abadger1999: hmmm 20:10:44 yeah, can see how best to store those... 20:10:47 abadger1999: could we encode the seed in fas with the pin? 20:11:06 abadger1999: so if the pin is wrong or the otp is wrong you get rejected? 20:11:29 abadger1999: it wouldn't be A LOT of security if our db was compromised 20:11:32 but it might slow someone down 20:12:14 anyway 20:12:16 that's off in the weeds 20:12:33 yeah, we can figure that out more when we get there. ;) 20:12:36 * smooge gets the weedwhacker 20:12:47 thanks for the news and work on this skvidal and icon and wolfkit. 20:12:48 heh 20:12:55 nirik: and bressers 20:12:59 he's been very helpful 20:13:09 yes. agreed. 20:13:12 I guess we could but it would be trivial to reverse 20:14:30 well only if the pin is kept in the clear 20:14:37 anyway 20:14:42 right, moving along. 20:14:55 #topic Staging re-work status 20:15:11 I've done some docs on this, still need to work on it more. and will do it after freeze is over. 20:15:17 #topic Applications status / discussion 20:15:22 any application news? 20:15:36 abadger1999 / lmacken / pingou / threebean / CodeBlock 20:16:14 haven't been around much the past few days, did anyone figure out what happened with mirrormanager wednesday morning? 20:16:41 * nirik isn't sure. 20:16:42 wolfkit, logs were blissfully unenlightening 20:17:00 pingou has been doing some *great* work on the mailman3 archiver instance 20:17:11 http://mm3test.fedoraproject.org/ 20:17:27 oh, I have one bit of news... I went and triaged all the bodhi bugs. Closed dups, closed things that were done, etc... cut them down some. I also added easyfix to some tickets that sound like they would be easy to fix for new folks. 20:17:43 nice! 20:17:50 I have nothing new for dpsearch. I tried pinging damaestro the other day but he was at dayjob and I didn't have a chance to ping him later that evening. I will try to catch up with him either tonight after class or tomorrow evening (tomorrow is probably better). 20:17:52 We may be getting a GSoC student to work on that -- I'm trying to start discussion with terri of the mailman devs about who's going to mentor and which org is going to sponsor and such 20:18:23 I hope to be able to couple HK with mm3 this week-end (if abadger1999 has some time as well) 20:18:38 pingou's latest addition to the archiver is to start implementing a REST API: http://mm3test.fedoraproject.org/api/ 20:19:22 pingou: HK? 20:19:29 HyperKitty :) 20:19:44 ah, right 20:20:37 so 20:20:42 mm3test has been useful 20:20:51 do we want to leave it as is 20:20:56 or setup another instance 20:21:40 ? 20:21:49 oh, also we have some smolt news: npmccallum has setup a new project called 'census' that will replace much of smolt. https://fedorahosted.org/census/browser 20:22:04 skvidal: at some point I think we want another instance but -- things are still very very developy atm 20:22:07 * nirik is fine on mm3test with whatever works for the people working on it. 20:22:09 abadger1999: if you'd like to leave mm3test as is b/c it lets you move more fluid that's fine 20:22:15 abadger1999: gotcha 20:22:16 absolutely 20:22:23 the machine is automatically applying patches/rpms 20:22:29 we're doing development in a virtualenv -- so some things aren't packaged and such. 20:22:31 and it is pretty isolated 20:22:37 abadger1999: I completely understand 20:22:42 and am supportive of that 20:22:47 I just wanted to help if you needed help 20:22:51 20:22:57 Thanks 20:23:03 cool 20:23:56 it don't think it will be too hard to get packaged, the dependency list isn't too high I think 20:23:57 ok, any other appy news? 20:25:38 hey I wonder if we could make the hosted mail mm3? 20:25:44 it is the smaller of the listsets 20:25:50 smooge: I wouldn't want mm3 in 'production' yet 20:25:53 once it's usable, yeah... 20:26:10 i am not talking production.. I am talking hosted :) 20:26:21 but yeah I understand 20:26:30 smooge: mm3 core is just beta - the admin web ui alpha 20:26:55 ah I thought it might be beta through and through 20:26:59 okie dokie 20:27:25 and the archiver pre-alpha-rc 20:27:28 ok, moving along then... 20:27:37 #topic Upcoming Tasks/Items 20:28:00 ok, we have slipped a week on beta, which slips the entire schedule a week. 20:28:03 #info 2012-03-20 to 2012-04-10 - F17 Beta Freeze 20:28:03 #info 2012-03-29 - take internetx01 out of rotation and power off 20:28:03 #info 2012-03-30 - 1:30am - run diag on internetx01. 20:28:03 #info 2012-04-01 - nag fi-apprentices. 20:28:03 #info 2011-04-03 - gitweb-cache removal day. 20:28:03 #info 2012-04-10 - drop inactive fi-apprentices 20:28:07 #info 2012-04-10 - F17Beta release day 20:28:09 #info 2012-05-01 to 2012-05-15 - F17 Final Freeze. 20:28:11 #info 2012-05-01 - nag fi-apprentices. 20:28:15 #info 2012-05-15 - F17 release 20:28:15 also, we have some upcoming maint on internetx01. 20:28:24 It's been locking up, so we want to take it down and run a hardware test on it. 20:29:40 I am going to take it's proxy out and power it off for that later tonight. 20:29:52 anything else anyone would like to schedule or note? 20:30:02 nothing leaps to mind 20:30:15 I've been working more with ansible and its playbooks 20:30:26 and I have the basis for something pretty workable for the builders 20:30:32 if anyone wants to get involved and check it out 20:30:52 ping at me or check out ansible on github or #ansible 20:31:20 sounds good. 20:31:47 #topic Tickets from Ages past 20:32:04 anyone want to bring up some ancient tickets we can discuss and dispatch? 20:33:02 https://fedorahosted.org/fedora-infrastructure/report/1?sort=created&asc=1 is our full list by filed time. 20:33:08 * skvidal looks at the ground and whistles 20:33:09 oh, I also filed the F17 beta tickets. 20:33:53 https://fedorahosted.org/fedora-infrastructure/ticket/1783 looks like something we could close. 20:34:08 +1 20:34:13 :fit 20:35:01 #topic Open Floor 20:35:08 anyone have any general items for open floor? 20:35:29 o/ 20:35:44 kwame: is that your hand up? 20:35:50 so, I've been in the #fedora-admin channel for some week snow 20:35:55 skvidal: yes :) 20:35:58 :) 20:36:14 and already hace access to some boxes 20:36:34 last week I spoke with nirik about a ticket that I thought I could work on 20:36:40 I changed people's email passwords and am working on a blog about 20:36:44 its slow going. 20:36:56 oh sorry. shuts up for kwame. 20:37:41 sorry 20:37:59 so, my question is basically, how can we know who are the new commers in here (like me) 20:38:29 good question... we don't keep a very good list or whatnot of new folks... 20:38:59 we do have the fi-apprentice group. You can mostly be sure anyone in the group as a user is new, if they are a sponsor or admin they have been around a while... 20:39:10 but that doesn't cover everyone. 20:39:16 .members fi-apprentice 20:39:16 nirik: Members of fi-apprentice: adrianhannah aphukan arielb +codeblock ctria davidvz fortu icon informatux jacibato jsh @kevin kubo mangas marcelk +nb @skvidal smillie @smooge +toshio 20:39:56 Open to ideas on improving things... 20:40:14 nirik: one more question, the ticket I tried to work on was very simple, just install nrpe and get a new nrpe.cfg in place 20:40:40 now, who should I ask about access, and just for +1 or -1 on how to access and do that kind of work? is the mailing list the proper place to do it? 20:40:43 or just irc? 20:41:36 which ticket? you're welcome to ask on irc... usually for apprentices we ask that you attach to the ticket a patch against our puppet repo that makes the change or fix. Then someone will apply it if all looks well. 20:42:31 we could definitely clarify that workflow tho. 20:42:39 ok 20:43:08 #action nirik to clarify ticket and commits workflow for apprentices on wiki. 20:44:14 nirik: so there's already a wiki for commits workflow for apprentices ? 20:44:14 kwame: let me make some changes and you can review them to see if they explain things or make sense. ;) 20:44:41 how much do we care about s3-mirror logs? 20:45:00 I've started the module to collect, process, and analyze them in awstats 20:45:08 on log02 20:45:25 but they're kind of large, and growing at a couple hundred MB a week 20:45:31 cool. I'm wondering if we shouldn't pick something better than awstats... I'm not all that impressed with it. 20:45:54 open to suggestions 20:45:56 mdomsch_: even compressed? 20:45:59 what else is there these days? 20:46:02 a perfect apprentice project 20:46:13 I can look at other stats issues or help an apprentice 20:46:14 lol 20:46:18 nirik, it's thousands of very small files, with a few hits per file 20:46:55 weird. can we just cat them and compress that. ;) 20:47:57 nirik, yes... 20:47:58 ideally we just want the data in some nice format and can toss the little files after a while. 20:48:13 I have S3 automatically nuking its copy of them after 60 days 20:48:24 smooge: might want to see if ianweller's stats thing could take over awstats functions too... 20:48:27 can adjust as necessary 20:48:38 ok will do so 20:48:46 it could 20:48:48 the most interesting bit of the stats is "what content is being requested" 20:48:57 e.g. Fedora X, EPEL Y 20:49:02 the IPs aren't 20:49:04 yeah. 20:49:18 so lightweight, lighter than awstats, would be fine 20:49:29 * mdomsch_ has been using cat/awk/sort/grep/uniq 20:49:47 yeah. It would be nice to see things like which fedorapeople repos are most popular, etc too... 20:50:05 oh 20:50:07 speaking of that 20:50:07 but I guess we can see whats out and easy to deploy 20:50:17 do we want to move the /srv/repos dir on fedorapeople over to /projects 20:50:23 so people aren't quota-limited there? 20:50:53 it was something I didn't think of during the people migration 20:50:58 but after looking at it 20:51:01 I realized it kinda makes sense 20:52:03 how big is that? 20:52:06 might be nice... 20:52:09 * skvidal looks 20:52:21 46G 20:52:24 s... biggish 20:53:07 * skvidal looks 20:53:17 most of it is spot 20:53:19 :) 20:53:28 :) 20:53:34 seriously 20:53:42 19G of the 46G is his repos 20:53:52 b/c he's captain bad-ass builder of chromium, etc 20:54:01 * nirik keeps pruning his calibre repo or it would grow pretty badly. 20:54:12 well this would help remove that need 20:54:28 yeah, I'd be ok with moving it... 20:54:38 a question tho: what do we want to back up there/ 20:54:51 that is a good question 20:55:02 so wehave a fair amount of stuff on fedorapeople 20:55:08 b/c it can be very convenient 20:55:16 yep. The first full backup hasn't finished since the move. ;( 20:55:24 nirik: I liked your idea of keeping a semi-hot backup somewhere 20:55:34 hmmm 20:55:39 so maybe an interesting test 20:55:45 use a junk box 20:55:54 and test rsync time to copy off all of people03 20:56:05 root+ssh+rsync 20:56:22 or use the vpn 20:57:02 * nirik isn't sure. wants to ponder on that some more. 20:57:59 nirik: it's a shame we don't have another place with enough disk at ibiblio or even at another i2 locaton 20:58:21 yeah. it would be nice ot have a people spare thats somewhere where it could go live if needed. 20:58:52 however, once we have cloud, we can move the dev/publictest stuff from osuosl and possibly do it there. 20:59:03 nod 20:59:05 I agree 20:59:22 I assume we've got nothing on an eta on anything cloud related or I would have already heard? 20:59:47 speaking of people and rsync, there was a request from someone who wanted to mirror fedorapeople.org 20:59:49 repos 20:59:56 mdomsch_: nirik replied iirc 21:00:01 not really... need to finalize hardware and order... then wait for that to show up, then we need netapp stuff to happy to get us storage there... 21:00:12 mdomsch_: it's not a terrible idea to make it rsyncable - a little worried what that might mean load-wise 21:00:15 mdomsch_: yeah, saw that. We could look at a rsync module I guess... 21:00:55 ok, we are over time... shall we call it a meeting? 21:01:04 okie dokie 21:01:51 thanks for coming everyone. Continue on #fedora-admin and on the list! 21:01:53 #endmeeting